Role overview
Founded in Silicon Valley in 2009 by Marc Andreessen and Ben Horowitz, Andreessen Horowitz (aka a16z) is a venture capital firm that backs bold entrepreneurs building the future through technology. We are stage agnostic. We invest in seed to venture to growth-stage technology companies, across AI, bio + healthcare, consumer, crypto, enterprise, fintech, games, and companies building toward American dynamism. a16z has $45B in assets under management across multiple funds.
We've established a team that is defined by respect for the entrepreneur and the company-building process; we know what it's like to be in the founder's shoes. We've invested in companies like Affirm, Airbnb, Coinbase, Databricks, Devoted Health, Insitro, Figma, GitHub, Instacart, OpenSea, Roblox, Stripe, and Substack. Our team is at the forefront of new technology, helping founders and their companies impact and change the world.
As the Cybersecurity Operations Analyst at a16z, you will stabilize and strengthen the core of the firm's cybersecurity operations. This hands-on role is responsible for leading day-to-day incident response and detection engineering efforts, while also identifying and remediating operational gaps in coverage, continuity, and tooling.
What you'll work on
- Lead cyber incident response operations from alert triage through containment, including post-incident analysis and coordination with stakeholders
- Stabilize and scale core CyberOps workflows by improving documentation, response playbooks, and team-level knowledge sharing
- Tune and optimize detection rules and telemetry pipelines, ensuring high-quality signal and reducing noise across alerts
- Automate repetitive response and triage workflows to improve response time, analyst efficiency, and operational consistency
- Leverage AI technologies, including generative AI and large language models, to enhance detection, accelerate investigation workflows, and identify patterns and threats
- Build operational redundancy and reduce risk, ensuring that no single individual is a point of failure for incident response or CyberOps coverage
- Participate in threat hunting and log analysis to identify anomalies, gaps, and opportunities to improve coverage
- Continuously improve visibility and response capabilities, working closely with the broader security, IT, verticals, and platform teams
- Contribute to post-incident reviews and lessons learned, helping improve detection logic, containment playbooks, and response strategy over time
What we're looking for
- 5+ years of hands-on experience in a security operations, incident response, or threat detection role
- Strong technical understanding of detection engineering, response workflows, and the end-to-end incident lifecycle
- Experience with SIEM platforms (e.g., Splunk, Chronicle, CrowdStrike, Sumo Logic) and ability to create and optimize correlation rules and detection content
- Familiarity with SOAR platforms (e.g., Cortex XSOAR, Tines, Swimlane) and experience automating common alert triage and response actions
- Deep understanding of event logging and telemetry collection from endpoints, cloud platforms, and identity systems
- Experience conducting threat hunting across multiple data sources using tools like KQL, SPL, or custom scripting
- Strong written and verbal communication skills, especially in documenting playbooks and summarizing incident findings for technical and non-technical stakeholders
- Ability to operate independently and collaboratively in a fast-paced, high-trust environment
- Familiarity with security frameworks such as NIST 800-53, MITRE ATT&CK, or CIS Benchmarks to guide detection coverage and response alignment
- Strong documentation skills, with the ability to create and maintain technical content, user communications, training guides, and instructional materials that support operational clarity and knowledge sharing
- Curiosity, accountability, and a commitment to continuous improvement in security operations
- Low ego, high empathy, and the capacity to collaborate effectively with diverse teams